GnuPG’s gpg-agent is similar to ssh-agent. It manages your private keys so that you don’t have to enter a passphrase during every use. For example, once the agent has the decrypted key, the following will not prompt for a passphrase:

echo hi | gpg -e -r chendry | gpg -d --use-agent

Add the following to your ~/.profile to get gpg-agent working nicely in OSX:

[ -f ~/.gpg-agent-info ] && source ~/.gpg-agent-info
if [ -S "${GPG_AGENT_INFO%%:*}" ]; then
  export GPG_AGENT_INFO
else
  eval $( gpg-agent --daemon --write-env-file ~/.gpg-agent-info )
fi


The --write-env-file argument to gpg-agent produces a file that can be executed by a script to set the GPG_AGENT_INFO environment variable:


Whenever we start gpg-agent, we tell it to write this to ~/.gpg-agent-info so that subsequent shells can source it, thus setting the environment variable.

However, we also need to test that the daemon is still up and running. To do so, we use bash’s parameter expansion to isolate the full path to the socket file, and then test that it currently exists as a socket. If it does, we know that instance of gpg-agent is still running, so we export the environment variable and we’re done.

If gpg-agent is not running, we start it. In this case, our invocation of gpg-agent outputs a script to set and export GPG_AGENT_INFO, so we can simply eval it.
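
A stricter variant of the check above, as an added example that is not code from the original post: it reads the value out of ~/.gpg-agent-info instead of sourcing the file (sourcing executes whatever the file contains), and it also confirms that the recorded PID is alive, since a socket file can outlive a crashed agent. The function names are hypothetical, and the `<socket path>:<pid>:<protocol version>` layout of the value is an assumption based on GnuPG 2.0-era agents.

```bash
# Added example, not the original post's code. Assumes the GnuPG 2.0-era
# value format <socket path>:<pid>:<protocol version>.

# Print the GPG_AGENT_INFO value from an env file without executing the file.
read_agent_info() {
  local line
  [ -f "$1" ] || return 1
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      GPG_AGENT_INFO=*) printf '%s\n' "${line#GPG_AGENT_INFO=}"; return 0 ;;
    esac
  done < "$1"
  return 1
}

# Field 1: everything before the first colon (the expansion the post uses).
agent_socket() { printf '%s\n' "${1%%:*}"; }

# Field 2: the agent's PID.
agent_pid() {
  local rest
  rest=${1#*:}
  printf '%s\n' "${rest%%:*}"
}

# Succeed only if the socket exists AND the recorded PID is a live process.
agent_alive() {
  local sock pid
  sock=$(agent_socket "$1")
  pid=$(agent_pid "$1")
  [ -S "$sock" ] || return 1
  case $pid in ''|*[!0-9]*) return 1 ;; esac   # reject missing or non-numeric PID
  kill -0 "$pid" 2>/dev/null                   # signal 0: existence check only
}

# Reuse a live agent, otherwise start one (the same two branches as the post).
ensure_gpg_agent() {
  local info
  if info=$(read_agent_info "$HOME/.gpg-agent-info") && agent_alive "$info"; then
    GPG_AGENT_INFO=$info
    export GPG_AGENT_INFO
  else
    eval "$(gpg-agent --daemon --write-env-file "$HOME/.gpg-agent-info")"
  fi
}
```

Calling `ensure_gpg_agent` from ~/.profile takes the place of the source-and-test snippet.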